Wireless communications technologies are frequently used for a wide variety of applications, such as remote controls, wireless network connections of computers, e-commerce applications or the like. In many applications it is desired to establish a secure communications link between two or more communications devices. This may for example be desired in order to minimise the risk of unauthorised use or misuse or the risk of unauthorised retrieval of information transmitted via the communications link. Hence, effective authentication and encryption schemes are desired in order to mutually authenticate the devices participating in a communication, and to be able to encrypt the information transmitted via a communications link.
These mechanisms are typically implemented on the basis of secret keys which are known by the communicating devices, and which may be used to authenticate the corresponding other device and/or to encrypt transmitted information.
In a situation where a user communications device may connect to multiple other communications devices, a large number of possible combinations of communicating devices exist. This may occur in a situation where a user carrying a user communications device may gain access to a service via multiple service communications devices.
The Bluetooth technology is an example of a short-range wireless communications technology. The Bluetooth technology enables different units to communicate at a high speed and may be used in a variety of applications including ad-hoc networks of computers and other electronic equipment, e-commerce applications where a portable electronic user communications device may be used as an electronic ticket or key. The user communications device, e.g. a mobile phone, may connect to a service communications device which may grant or deny access to a location or a service.
In many of the above examples there is a need for a fast authentication of a communications unit or to set up a secure encrypted link between two communications units.
It is known from the Bluetooth specifications (see Bluetooth SIG: “Specification of the Bluetooth system”, Version 1.0B, 1. December 1999, to create security associations between different Bluetooth units, to authenticate units and to encrypt communications links. The Bluetooth baseband security mechanisms perform authentication and encryption based on shared secret link keys between two Bluetooth units.
However, the above prior art solution is only concerned with two main types of link keys: combination keys and unit keys. A combination key is unique to each combination of Bluetooth units. A unit key is unique to a certain unit and this unit uses this unit key for all its connections.
Hence, in a situation with a large number of possible combinations of communicating units, the use of combination keys implies that each unit may have to store a combination key for every possible other communications device with which it may communicate. This solution requires a large amount of storage capacity in a communications unit for storing a large number of combination keys. Furthermore, if new communications devices are put into service or communications devices are replaced with others, the lists of combination keys in many other communications devices may have to be updated.
The use of unit keys, on the other hand, has the disadvantage that it only provides a lower level of security, because the same key is used for a large number of connections. Furthermore, this solution does not allow the use of different security levels for different communications links.
Furthermore, the above prior art method requires an initialisation or pairing procedure between two units in order to create a link key between those two units. Hence, it is a disadvantage of the above prior art method that a user may have to pair his or her device with all possible communications devices with which he or she may want to communicate.